From b59b270500549ee1ed155f0dae8506a652dfeea6 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Wed, 8 Nov 2023 06:14:54 -0800
Subject: [PATCH 1/3] [threat-actors] Add SingularityMD
---
 clusters/threat-actor.json | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index aef7928..eab8e9e 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12811,6 +12811,18 @@
 },
 "uuid": "be4ea668-6a74-44d9-946e-e98e64a8855b",
 "value": "Dalbit"
+ },
+ {
+ "description": "SingularityMD is a threat actor group that has targeted educational institutions in the US. They gained unauthorized access to their networks by exploiting weak security practices, such as using students' dates of birth as passwords. SingularityMD demanded a ransom in cryptocurrency and threatened to leak stolen information if not paid. They have demonstrated a willingness to follow through on their threats and have already leaked some data.",
+ "meta": {
+ "refs": [
+ "https://www.databreaches.net/jeffco-public-schools-hit-by-the-same-threat-actors-that-hit-clark-county-school-district-and-via-the-same-way/",
+ "https://research.checkpoint.com/2023/30th-october-threat-intelligence-report/",
+ "https://www.databreaches.net/hackers-escalate-leak-200k-ccsd-students-data-claim-to-still-have-access-to-ccsd-email-system/"
+ ]
+ },
+ "uuid": "d52a06dd-3ee9-47cf-ad31-b55ca4cbc5cf",
+ "value": "SingularityMD"
 }
 ],
 "version": 293
From 23b95c50d5efe58595fa20b6f9c5f08b8a658f7a Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Wed, 8 Nov 2023 06:14:54 -0800
Subject: [PATCH 2/3] [threat-actors] Add SCARLETEEL
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index eab8e9e..ca920f9 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
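Review bot: `"version": 293` is left unchanged in the trailing context of the SingularityMD hunk, and the SCARLETEEL and DiceyF hunks leave it unchanged as well, so the series adds three clusters without incrementing the cluster version. If consumers decide whether to re-import this galaxy by comparing that field (inferred; the import logic is not visible here), the new actors may not reach deployed instances; one bump to `"version": 294` in the last patch would cover the whole series. Separately, in the SingularityMD description "their networks" is ambiguous after "They"; `They gained unauthorized access to the institutions' networks by exploiting weak security practices, ...` reads unambiguously.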
@@ -12823,6 +12823,17 @@
 },
 "uuid": "d52a06dd-3ee9-47cf-ad31-b55ca4cbc5cf",
 "value": "SingularityMD"
+ },
+ {
+ "description": "SCARLETEEL is a threat actor that primarily targets cloud environments, specifically AWS and Kubernetes. They have been observed stealing proprietary data and intellectual property, as well as conducting cryptomining operations. SCARLETEEL employs sophisticated tactics and tools to bypass security measures and gain unauthorized access to accounts, often exploiting vulnerabilities in containerized workloads and misconfigurations in AWS policies.",
+ "meta": {
+ "refs": [
+ "https://sysdig.com/blog/scarleteel-2-0/",
+ "https://sysdig.com/blog/cloud-breach-terraform-data-theft/"
+ ]
+ },
+ "uuid": "e03a7ecb-b8a1-40c5-b5af-638ee6029374",
+ "value": "SCARLETEEL"
 }
 ],
 "version": 293
From f5b7ad54789f7037b3846602a7f8584cc17f545d Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Wed, 8 Nov 2023 06:14:54 -0800
Subject: [PATCH 3/3] [threat-actors] Add DiceyF
---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index ca920f9..60758f0 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -12834,6 +12834,17 @@
 },
 "uuid": "e03a7ecb-b8a1-40c5-b5af-638ee6029374",
 "value": "SCARLETEEL"
+ },
+ {
+ "description": "DiceyF is an advanced persistent threat group that has been targeting online casinos and other victims in Southeast Asia for an extended period. They have exhibited overlapping activity with LuckyStar PlugX and Earth Berberoka/GamblingPuppet, as reported by various cybersecurity vendors. While their motivations remain unclear, previous incidents suggest a combination of espionage and intellectual property theft rather than immediate financial gain. DiceyF continuously evolves their codebase and adds encryption capabilities to enhance their stealthy cyberespionage activities.",
+ "meta": {
+ "country": "CN",
+ "refs": [
+ "https://securelist.com/diceyf-deploys-gameplayerframework-in-online-casino-development-studio/107723/"
+ ]
+ },
+ "uuid": "46de4091-379f-478c-bb6d-5833e2047f15",
+ "value": "DiceyF"
 }
 ],
 "version": 293
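Review bot: `"country": "CN"` is set in the DiceyF `meta` object, but the added description never states an origin and says the group's motivations remain unclear, so the entry's own text does not support the attribution. Anyone pivoting on the country field would then treat a single-source attribution as settled. Either state its basis in the description, as far as the Securelist reference supports it, or qualify it next to the country with a confidence field such as `"attribution-confidence": "<value the source supports>"` (placeholder, not a proposed number). The description also names overlapping activity with LuckyStar PlugX and Earth Berberoka/GamblingPuppet; since overlap is not identity, keeping those names out of any synonym list is the right call.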